Key Words

Synopsis

Cybersecurity is a leading national problem for which the market may fail to produce a solution because individuals often select less than optimal security levels in a world of positive transaction costs. The problem is compounded because the insecure networks extend far beyond the regulatory jurisdiction of any one nation or even coalition of nations. This book brings together the views of leading law and economics scholars on the nature of the cybersecurity problem and possible solutions to it. Many of these solutions are market based, but in need of aid, either from government or industry groups or both.

Unlike traditional crime, which terrorizes all, but has far fewer direct victims,
cybercrime impacts the lives of virtually all citizens and almost every company. The
Computer Security Institute and the FBI recently released the results of a study of 538
companies, government agencies and financial institutions. Eighty-five percent of the
respondents reported having security breaches, 64% experienced financial loss as a
result.4 As this problem grows on a daily basis, it becomes imperative that society
identify the most economically efficient way of fighting cybercrime. In this volume, the
authors present a unique cross-section of views that attempt to identify the true problems
of cybersecurity and present solutions that will help resolve these challenges. In the first
section of the book, two authors outline some of the major problems of cybersecurity and
explain how the provision of cybersecurity differs from traditional security models.

The second section of this volume Yochai Benkler argues that cybersecurity is
best addressed by making system survivability the primary concern of security measures,
rather than attempting to create impregnable cyber fortresses. By mobilizing excess
capacity that users have on their personal devices, a network-wide, self-healing device could be created. The already existing system of music-sharing offers a model of how this type of security could be achieved.

The second-half of the volume attempts to create regulatory solutions that will
address the major problems of cybersecurity. The authors highlight the debate between
public and private security with highly divergent positions. Amitai Aviram offers the
perspective of private ordering as achieved through private legal systems (PLSs),
institutions which aim to enforce norms when the law fails, neglects or chooses not to
regulate behavior. Aviram’s article gives a broad perspective to how PLSs are formed
and then offers practical applications for the field of cybersecurity. Aviram reasons that
PLSs cannot spontaneously form because new PLSs often cannot enforce cooperation.
This gap occurs because the effectiveness of the enforcement mechanism depends on the
provision of benefits by the PLS to its members, a factor that is non-existent in new
PLSs.

Once you have moved past the question of whether private or public action should
be favored, you must look to the issue of whether local action is sufficient. Cybercrime
proposes unique jurisdictional questions because actions in one country may have effects
in another. If the host country will not enforce laws against the cybercriminals, how can
the victim country stop the attack? This issue of ambiguous jurisdiction is one of the
failures of modern international law in this area. This would seem to suggest that
international cooperation should take place. Trachtman suggests creating an umbrella
organization that has jurisdiction over these matters and can act transnationally.
Trachtman concludes by offering a variety of game theory presentations that exhibit
when and how international cooperation can best occur in the realm of cybersecurity.

The authors in this volume have attempted to provide a source for better
understanding the dilemmas and debates over how cybersecurity is best provided.
Whether it is through private legal systems or public enforcement or a combination of the
two, society can scarcely wait in finding new and more efficient tools in the war on
cybercrime.